wasabi-windows-x64[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

wasabi-windows-x64.exe
Size

10.4MB
MD5

352ae657978091126af75b55acff0996
SHA1

7505d854fa5751fdf8c16706593da6ace4fb4ead
SHA256

0d9c8bde13dbedb43822836dfc99dcbd8c12d296be0afc13fb0cc890ec4ba34a
SHA512

8b6d91d23944ab78783bcf20ffb2ed2b2149fe13526e08670cfcda741711f5c638d6908106ba5d4857c0f61f4685c7612dfa35ecb0fd877c66f5fd84d71651c3
SSDEEP

98304:phOCKM+pA7KBMRM2kejG39gIC7dwBuJDQgIyvCbb9ETocjGZZXlE:hdq7yvGXE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
wasabi-windows-x64.exe

Files

wasabi-windows-x64.exe
.exe windows:6 windows x64 arch:x64

ac167ca18f099b123821456f07988a83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\wasabi\wasabi\target\x86_64-pc-windows-msvc\release\deps\wasabi.pdb

Imports

kernel32

GlobalUnlock
GetSystemInfo
SetThreadErrorMode
LoadLibraryExW
GetProcAddress
GlobalSize
GlobalLock
TryAcquireSRWLockExclusive
SetEvent
FreeLibrary
ReleaseSRWLockShared
GetCommandLineW
AcquireSRWLockShared
GetStdHandle
GetConsoleMode
SetConsoleMode
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
SetThreadStackGuarantee
Sleep
AddVectoredExceptionHandler
GetSystemTimeAsFileTime
CreateEventA
InitializeSListHead
WaitForMultipleObjectsEx
CreateWaitableTimerExW
SetWaitableTimer
WaitForSingleObject
IsDebuggerPresent
lstrlenW
UnhandledExceptionFilter
MultiByteToWideChar
GlobalAlloc
SetUnhandledExceptionFilter
GlobalFree
GetCurrentThreadId
GetModuleHandleA
SleepConditionVariableSRW
WakeConditionVariable
SetFilePointerEx
HeapReAlloc
QueryPerformanceFrequency
GetCurrentThread
GetLastError
ReleaseSRWLockExclusive
WriteConsoleW
SetLastError
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
GetCurrentProcess
GetEnvironmentVariableW
GetModuleFileNameW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CloseHandle
GetFullPathNameW
CreateDirectoryW
FindFirstFileW
FindClose
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
ExitProcess
RtlCaptureContext
RtlLookupFunctionEntry
CreateMutexA
WaitForSingleObjectEx
LoadLibraryA
ReleaseMutex
RtlVirtualUnwind
DeleteFileW
GetFinalPathNameByHandleW
GetFileType
QueryPerformanceCounter
WakeAllConditionVariable
AcquireSRWLockExclusive
SwitchToThread
HeapAlloc
GetProcessHeap
HeapFree
IsProcessorFeaturePresent

user32

GetKeyState
ToUnicodeEx
GetKeyboardLayout
DispatchMessageW
TranslateMessage
PostMessageW
EnableMenuItem
SetWindowLongW
ShowWindow
RegisterRawInputDevices
GetMessageW
ShowCursor
SetClipboardData
EmptyClipboard
EnumDisplayMonitors
ClipCursor
GetWindowLongW
GetClipCursor
GetSystemMenu
OpenClipboard
EnumDisplaySettingsExW
DestroyIcon
GetClientRect
CreateWindowExW
RegisterClassExW
CreateIcon
PostThreadMessageW
SystemParametersInfoA
SetWindowPlacement
ChangeDisplaySettingsExW
GetUpdateRect
ValidateRect
GetRawInputData
GetMenu
GetMonitorInfoW
GetCursorPos
CloseTouchInputHandle
GetTouchInputInfo
SetCursor
LoadCursorW
TrackMouseEvent
SetCapture
ReleaseCapture
MonitorFromRect
GetWindowPlacement
ScreenToClient
GetWindowRect
IsProcessDPIAware
SetWindowLongPtrW
MonitorFromWindow
InvalidateRgn
SetWindowPos
ClientToScreen
GetActiveWindow
GetDC
RegisterTouchWindow
GetSystemMetrics
SetForegroundWindow
SendInput
MapVirtualKeyW
SetWindowDisplayAffinity
DefWindowProcW
SendMessageW
GetWindowLongPtrW
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
RedrawWindow
MapVirtualKeyA
GetKeyboardState
DestroyWindow
PeekMessageW
MsgWaitForMultipleObjectsEx
RegisterWindowMessageA
AdjustWindowRectEx

winmm

timeGetDevCaps
timeEndPeriod
timeBeginPeriod

bcrypt

BCryptGenRandom

advapi32

SystemFunction036

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

imm32

ImmGetContext
ImmSetCandidateWindow
ImmAssociateContextEx
ImmGetCompositionStringW
ImmReleaseContext

ole32

CoInitializeEx
OleInitialize
CoTaskMemFree
PropVariantClear
RegisterDragDrop
CoUninitialize
RevokeDragDrop
CoCreateInstance

shell32

DragQueryFileW
DragFinish
SHGetKnownFolderPath
SHCreateItemFromParsingName

shlwapi

AssocQueryStringW

ntdll

RtlNtStatusToDosError
NtWriteFile
NtReadFile

oleaut32

SysStringLen
GetErrorInfo
SysFreeString

uxtheme

SetWindowTheme

vcruntime140

memcmp
__current_exception_context
__current_exception
__C_specific_handler
__CxxFrameHandler3
memcpy
memmove
memset
_CxxThrowException

api-ms-win-crt-math-l1-1-0

atan2f
exp2f
cosf
log10
powf
roundf
ceil
round
_hypotf
expf
acosf
sinf
floor
cbrtf
truncf
sin
atan
cos
fmodf
fmod
ceilf
__setusermatherr
pow
trunc
floorf

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_crt_atexit
_register_onexit_function
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
_configure_narrow_argv
__p___argc
_seh_filter_exe
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_initialize_narrow_environment
terminate

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac167ca18f099b123821456f07988a83

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

winmm

bcrypt

advapi32

gdi32

dwmapi

imm32

ole32

shell32

shlwapi

ntdll

oleaut32

uxtheme

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 6.8MB - Virtual size: 6.8MB

.rdata Size: 3.3MB - Virtual size: 3.3MB

.data Size: 1KB - Virtual size: 515KB

.pdata Size: 203KB - Virtual size: 203KB

.reloc Size: 37KB - Virtual size: 37KB

.text
Size: 6.8MB - Virtual size: 6.8MB

.rdata
Size: 3.3MB - Virtual size: 3.3MB

.data
Size: 1KB - Virtual size: 515KB

.pdata
Size: 203KB - Virtual size: 203KB

.reloc
Size: 37KB - Virtual size: 37KB